Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Static IP address to Web server in DMZ 2

Status
Not open for further replies.
wstran

wstran

MIS
Jul 18, 2002
46
US
Hello,

My ISP gave me two static IP addresses, one for ISP connection and one for Web server. Please advise me if it OK to set up my network like the following:

ISP Internet
|
| 66.45.102.112 (First static IP address from ISP)
Router 3700
| 10.10.10.1
|
| 10.10.10.2
PIX 515E
| 192.168.7.1 (DMZ)
|
|
Web server 66.45.102.226(Second static IP address from ISP)

The reason I want to use static IP address for my Web server because my ISP told me to use it for more security.

Thanks in advance.





 
Sort by date Sort by votes
That's not a problem... of course the web server would actually have an internal private IP like the rest of the LAN..

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Thanks LloydSev for your prompt reply! Do you mean I need to assign the internal private IP such as 192.168.7.2 to my Web server and then translate it into static IP 66.45.102.226 by NAT? In other words, I would like the world to see my Web server as 66.45.102.226.

If that is exactly what you mean, please show me how to do that, thanks!
 
Upvote 0 Downvote
Yes, that is what I am referring to.

You mentioned you have a 3700 router? Is that a Cisco 3700 Router?

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
You'll need to use static NAT in two places. One on the router to go from 66.45.102.226 to, say, 10.10.10.3, and again on the Pix to go from 10.10.10.3 to 192.168.7.2.

In my experience, when an ISP says you get x number of addresses, those are for your LAN, separate from the serial link's address. This may not be true in your case.
 
Upvote 0 Downvote
Thanks lgarner. I have two questions when you said I need two static NAT at the router(66.45.102.226 -- 10.10.10.3)and the PIX(10.10.10.3 -- 192.168.7.2):

1. Do I need to assign physically 10.10.10.3 to an interface in the router or PIX?
2. Do I need to assign 192.168.7.2 to my Web server?

Sorry for my dumb questions but this is the first time I'm doing this!
 
Upvote 0 Downvote
not at all..

he's referring to what most call "IP Mapping". Cisco calls is static mapping.

You have one internal computer, with IP address 192.168.7.x, you need to make that system seem to appear on the network between the PIX and Router, so you apply a static statement to do so..

static (inside,outside) 10.10.10.x 192.168.7.x netmask 255.255.255.255 0 0

Then you'll need to place one on the Cisco router as well, to assign the system a public IP from 10.10.10.x to the public IP.

Computer/Network Technician
CCNA
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
809
Johnkite
Johnkite
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
685
XLNTech1
XLNTech1
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
982
intel233
intel233
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
247
ISDPCMAN
ISDPCMAN

Part and Inventory Search

Sponsor

Back
Top